Lucene search

MitreCVE-2018-18524

HistoryMay 13, 2019 - 2:29 p.m.

CVE-2018-18524

2019-05-1314:29:00

CWE-79

mitre

web.nvd.nist.gov

evernote

windows

xss vulnerability

node.js

remote execution

nvd

cve-2018-18524

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.3

Confidence

High

EPSS

0.002

Percentile

60.3%

JSON

Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim’s files and achieve remote execution command on the victim’s computer.

Affected configurations

Nvd

Node

evernoteevernoteMatch6.15windows

VendorProductVersionCPE
evernoteevernote6.15cpe:2.3:a:evernote:evernote:6.15:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
evernote	evernote	6.15	cpe:2.3:a:evernote:evernote:6.15:::::windows::

References

evernote.com/intl/en/security/updates

paper.seebug.org/737/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.3

Confidence

High

EPSS

0.002

Percentile

60.3%

JSON

Related for CVE-2018-18524